diff options
author | Alan Coopersmith <alan.coopersmith@sun.com> | 2006-06-20 18:40:18 -0700 |
---|---|---|
committer | Alan Coopersmith <alanc@alf.(none)> | 2006-06-20 18:40:18 -0700 |
commit | a46c06dab8392cf8012c7cc0b916de9a9e569671 (patch) | |
tree | 21c6976d6406d7002e942a1dfc7728dba5e78d32 /Xext | |
parent | 49b368c0bb04816c4a3579071c596b2398cae3ec (diff) | |
parent | d44b2a0a57fb89741173c31676af0ccc822387dc (diff) |
Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver
Conflicts:
Xext/appgroup.c
Xext/security.c
dix/devices.c
dix/dispatch.c
dix/dixutils.c
dix/events.c
dix/extension.c
dix/property.c
dix/window.c
os/access.c
Diffstat (limited to 'Xext')
-rw-r--r-- | Xext/appgroup.c | 3 | ||||
-rw-r--r-- | Xext/security.c | 2 | ||||
-rw-r--r-- | Xext/securitysrv.h | 133 |
3 files changed, 135 insertions, 3 deletions
diff --git a/Xext/appgroup.c b/Xext/appgroup.c index e182cadda..8db4cef01 100644 --- a/Xext/appgroup.c +++ b/Xext/appgroup.c @@ -45,8 +45,7 @@ from The Open Group. #include <X11/extensions/Xagstr.h> #include <X11/extensions/Xagsrv.h> #include "xacestr.h" -#define _SECURITY_SERVER -#include <X11/extensions/security.h> +#include "securitysrv.h" #include <X11/Xfuncproto.h> #define XSERV_t diff --git a/Xext/security.c b/Xext/security.c index 957f083a6..f80d46406 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -40,7 +40,7 @@ in this Software without prior written authorization from The Open Group. #include "colormapst.h" #include "propertyst.h" #include "xacestr.h" -#define _SECURITY_SERVER +#include "securitysrv.h" #include <X11/extensions/securstr.h> #include <assert.h> #include <stdarg.h> diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h new file mode 100644 index 000000000..596eead0d --- /dev/null +++ b/Xext/securitysrv.h @@ -0,0 +1,133 @@ +/* +Copyright 1996, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. +*/ + +/* Xserver internals for Security extension - moved here from + _SECURITY_SERVER section of <X11/extensions/security.h> */ + +#ifndef _SECURITY_SRV_H +#define _SECURITY_SRV_H + +/* Allow client side portions of <X11/extensions/security.h> to compile */ +#ifndef Status +# define Status int +# define NEED_UNDEF_Status +#endif +#ifndef Display +# define Display void +# define NEED_UNDEF_Display +#endif + +#include <X11/extensions/security.h> + +#ifdef NEED_UNDEF_Status +# undef Status +# undef NEED_UNDEF_Status +#endif +#ifdef NEED_UNDEF_Display +# undef Display +# undef NEED_UNDEF_Display +#endif + + +#include "input.h" /* for DeviceIntPtr */ +#include "property.h" /* for PropertyPtr */ +#include "pixmap.h" /* for DrawablePtr */ +#include "resource.h" /* for RESTYPE */ + +/* resource type to pass in LookupIDByType for authorizations */ +extern RESTYPE SecurityAuthorizationResType; + +/* this is what we store for an authorization */ +typedef struct { + XID id; /* resource ID */ + CARD32 timeout; /* how long to live in seconds after refcnt == 0 */ + unsigned int trustLevel; /* trusted/untrusted */ + XID group; /* see embedding extension */ + unsigned int refcnt; /* how many clients connected with this auth */ + unsigned int secondsRemaining; /* overflow time amount for >49 days */ + OsTimerPtr timer; /* timer for this auth */ + struct _OtherClients *eventClients; /* clients wanting events */ +} SecurityAuthorizationRec, *SecurityAuthorizationPtr; + +/* The following callback is called when a GenerateAuthorization request + * is processed to sanity check the group argument. The call data will + * be a pointer to a SecurityValidateGroupInfoRec (below). + * Functions registered on this callback are expected to examine the + * group and set the valid field to TRUE if they recognize the group as a + * legitimate group. If they don't recognize it, they should not change the + * valid field. + */ +extern CallbackListPtr SecurityValidateGroupCallback; +typedef struct { + XID group; /* the group that was sent in GenerateAuthorization */ + Bool valid; /* did anyone recognize it? if so, set to TRUE */ +} SecurityValidateGroupInfoRec; + +/* Proc vectors for untrusted clients, swapped and unswapped versions. + * These are the same as the normal proc vectors except that extensions + * that haven't declared themselves secure will have ProcBadRequest plugged + * in for their major opcode dispatcher. This prevents untrusted clients + * from guessing extension major opcodes and using the extension even though + * the extension can't be listed or queried. + */ +extern int (*UntrustedProcVector[256])(ClientPtr client); +extern int (*SwappedUntrustedProcVector[256])(ClientPtr client); + +extern Bool SecurityCheckDeviceAccess(ClientPtr client, DeviceIntPtr dev, + Bool fromRequest); + +extern void SecurityAudit(char *format, ...); + +extern int XSecurityOptions(int argc, char **argv, int i); + +/* Give this value or higher to the -audit option to get security messages */ +#define SECURITY_AUDIT_LEVEL 4 + +extern void SecurityCensorImage( + ClientPtr client, + RegionPtr pVisibleRegion, + long widthBytesLine, + DrawablePtr pDraw, + int x, int y, int w, int h, + unsigned int format, + char * pBuf); + +#define SecurityAllowOperation 0 +#define SecurityIgnoreOperation 1 +#define SecurityErrorOperation 2 + +extern char +SecurityCheckPropertyAccess( + ClientPtr client, + WindowPtr pWin, + ATOM propertyName, + Mask access_mode); + +#define SECURITY_POLICY_FILE_VERSION "version-1" + +extern char **SecurityGetSitePolicyStrings(int *n); + +#endif /* _SECURITY_SRV_H */ |